============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 189
January 28, 2026

Hilarie Orman, Editor                     Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org         cipher-assoc-editor @ ieee-security.org

Sven Dietrich                             Yong Guan
Book Review Editor                        Calendar Editor
cipher-bookrev @ ieee-security.org        cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year

Contents:

* Letter from the Editor
* Commentary and Opinion and News
  o Sven Dietrich's review of "Dissecting the Dark Web - Reverse Engineering the Underground Economy" by Lindsay Kaye
  o News from the media
    - RSAC Is More Than the Conference
    - Pardon Me, But Your GMail Password is Showing
    - CISA's Whole Vulnerability Catalog
    - New Ransomware Signals a Healthy Industry
  o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
* Conference and Workshop Announcements
  o Upcoming calls-for-papers and events
* List of Computer Security Academic Positions, by Cynthia Irvine
* Staying in Touch
  o Information for subscribers and contributors
  o Recent address changes
* Links for the IEEE Computer Society TC on Security and Privacy
  o Becoming a member of the TC
  o TC Officers
  o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

The TCSP flagship conference, the Security and Privacy Symposium, will be held in San Francisco this May.
The location has shifted from the Embarcadero to Union Square. It is now a lightning-round event with very short talks comprising a huge program. The associated workshops are particularly cutting-edge this year:

  LangSec: The 12th Workshop on Language-theoretic Security
  CyberBio: First International Workshop on Cyberbiosecurity
  ArtSec: Workshop on Artwork Security and Provenance in the Age of AI
  SAGAI: Secure Agents for Generative Artificial Intelligence
  ConPro: Workshop on Technology and Consumer Protection
  MetaCRiSP: Workshop on Meta-Science and Critical Reflections in Security & Privacy Research
  Data4SoftSec: Workshop on Datasets for Software Security

Sven Dietrich has favored us with a review of a book about the Dark Web. The book will be released this spring --- the early bird gets the book!

Up until a year ago, the news section of this publication usually contained several descriptions of ransomware attacks or newly revealed zero-days or recently discovered intrusions by nation-state actors. The stories appeared in mainstream media, and many of them were from SEC filings. These seem to have dried up, leading me to wonder if the true state of the nation's cybersecurity is being withheld from public view.

Last month I reported on a light-hearted attempt to use generative AI to write the Cipher Editor's letter. This month I will recount my experience in using it for the practical purpose of maintaining the Cipher Calendar of Events. There is good and bad news.

The Cipher online Calendar-of-Events is composed by processing the calls-for-papers for research events with ad hoc software that parses freeform text. It's not perfect, and it requires some user interaction, but generally, it takes only a minute to process the call-for-papers, to generate the entry in the online calendar, and to create the supporting text file. Nonetheless, by the standards of today, that's painfully slow and tedious. Besides, it's a pain to keep the software up-to-date.
People take to writing dates with silly UTF characters, location designators are highly variable, and these changes challenge software that has a more limited view of data. We also maintain a page of CFPs, separate from the Calendar, and our associate editor puts a lot of work into that. He generously converts his listing manually into Calendar entries for publication in this newsletter. I've long felt that we need a more efficient system, one that puts minimal burden on conference organizers and Cipher volunteers.

Of course, I turned to AI. I found that with only minimal prompting, the Anthropic Claude system could start with the acronym of a conference and quickly find the current call-for-papers, extract all the relevant information, and present it in a simple, condensed format, suitable for inclusion in the calendar. It could also detect that the CFP had not yet been published and tell me the approximate date on which it would appear online. That is a delightful and eminently usable result, and I quickly took advantage of it to populate the calendar.

But I feared that my usage was too pedestrian given the seemingly unlimited capabilities of this new tool. Why not generate the whole calendar at once, from one prompt? And if that worked, then we would not need an online calendar, we would only need an AI prompt to generate a calendar, and anyone could have their own, customized, up-to-date calendar, at any time.

So in the dialogue with Claude, I asked for the formatted information for all security research conferences and workshops with submission deadlines within the next 180 days. The list that I got back was a good start, but it was hardly comprehensive. Well-established conferences had been omitted, and although they could be found with further prompting (basically, "try harder"), the AI system was strangely blind to some events.
So, the simple, customized index for research events is not yet available from AI, although something that is about 80% complete can be had for little effort. This leaves me eager for a better solution, a standardized object that I'd call an Artificial Intelligence Information Prompt (AIIP). An AIIP would be a formatted string for AI queries that produce useful, very accurate results, like those for a comprehensive events calendar. But, we need a way to get beyond the 80% mark. How can conference organizers be sure that their information can be found by AI systems? Without going back to older, cumbersome ideas for uniform data representation, I'm not sure. I do fear that 80% is good enough for most people, that AI will take over the entire process of information retrieval, and 20% of conferences will fail to thrive because they are mysteriously invisible to AI algorithms.

A Nursery Rhyme for a New Age

  A tisket, a tasket,
  A green and yellow basket.
  I wrote a letter to my love
  And on the way I lost it.

  A mascot, a miscut,
  A generative mashup.
  Gen AI wrote a letter to my love,
  It won his heart, we made up.

  A song of a wild dove,
  Is AI my new love?
  It wrote my letter and my vows,
  Is it my ergo sum now?

Hilarie Orman
cipher-editor @ ieee-security.org

====================================================================
Commentary and Opinion
====================================================================

____________________________________________________________________
Book Review By Sven Dietrich
January 26, 2026
____________________________________________________________________

"Dissecting the Dark Web - Reverse Engineering the Underground Economy"
by Lindsay Kaye
No Starch Press 2026.
ISBN 978-1-7185-0460-8 (print)
ISBN-13: 978-1-7185-0461-5 (ebook), xxiii + 384 pages

The Dark Web is a playground for many shady characters, forming an underground economy of illicit goods and services that attracts much scrutiny.
Malware and hacking services can be found there, up for grabs or up for sale. Reverse engineering this underground economy is an interesting task to tackle. The hacker underground has existed in many forms over the years (or decades), from X.25 packet-switched networks to phone/modem-based Bulletin Board Systems (BBSs), to gopher and ftp sites, and eventually to the Dark Web, aka the hidden dark corners of what we now call the Internet. Publicly available browsers such as the Tor browser have made the Dark Web accessible to anyone who wishes to access it.

This upcoming book with a scheduled release date of May 2026 dissects the Dark Web from multiple angles. As a reviewer I was given access to an early release version of the book, so your mileage may vary. This roughly 400-page book "Dissecting the Dark Web - Reverse Engineering the Underground Economy" is divided into 12 chapters to cover various aspects of the Dark Web, including operational security, reverse engineering, and analytical thinking. Most chapters are structured around a case study, background, and a set of exercises at the end to perform a knowledge check. The exercise solutions are at the end of the book for the gratification of the reader. Throughout the book, the reader will find information boxes, screenshots of actual Dark Web interactions, content of malware or web pages, and code snippets (yes, treat those as malicious, as per the author's own warning!). Think of it as a series of amuse-bouches to whet your appetite for the real thing!

After the introduction, which helps the reader to get oriented, the first chapter 'A Visit to the Dark Web' is about getting to the Dark Web. The chapter starts with a first-person account of the author's exposure to the underground economy of the Dark Web.
The chapter describes the tools necessary to access the Dark Web, the modalities of the Dark Web, such as the goods and services you may find there, the people who pass through, the payment systems in use, and perhaps some useful technical software analysis tools to dissect the malware and other pieces of software that one may stumble upon.

The second chapter 'Vulnerabilities, Exploits, and Access' focuses on the attackers' ways to compromise a system and gain access to it. Here the reader discovers those techniques, including what would be offered on the Dark Web for performing those breaches, either by buying credentials or the means of acquiring them in other ways.

The third chapter 'Malware Delivery Techniques' shifts to approaches for getting malware to its intended target(s), for example by using so-called loaders or even fully instrumented botnets. As for exercises, they are based on recent cases of malware, e.g. the Mirai botnet, which helps the reader get into the minds of the bad guys.

In the fourth chapter, the author switches to 'Information Stealers.' This is something we often hear about when we read about large password database dumps being published, as they often (but not always) result from attackers instrumenting systems to capture credentials from users. The January 2026 release of a 149-million list of user/password credentials is such an example collected from information stealers that are described in this chapter. One could expect to find the output of such an information stealer in the Dark Web eventually.

The fifth chapter 'Banking Trojans' describes another high value target from the financial domain. As bank accounts constitute a desirable prize in the form of online access credentials, this is another area of interest on the Dark Web. This could be considered a continuation of listings of credit card numbers from the earlier days of the Dark Web.
The sixth chapter switches gears to more evasive techniques to help with malware propagation and delivery: 'Packers and Crypters.' First, these tools are used to prevent early detection of malware by the defenders, as it slows down analysis techniques and can prevent triggers of antivirus or anti-malware systems. Second, the better they are, the higher the prices will be on the Dark Web for the lesser trained hackers to acquire and use. These tools can be applied to the malware described in the third chapter.

The seventh chapter 'Command-and-Control Frameworks' describes the communication techniques used by the attackers to interact with their herd of malware, for example. The better and more resilient the techniques are, the higher prices the sellers will achieve for providing a hard-to-eradicate botnet.

In the eighth chapter 'Post-Exploitation Toolkits,' the reader learns about the toolkits for acting after an initial foothold on the system has been achieved. As the possibilities are endless, this chapter explores some examples such as further escalation of access, or lateral movement within an enterprise that has been compromised. In the exercise in this chapter, the reader will explore Metasploit's post-exploitation capabilities.

In the ninth chapter 'Living off the Land,' the author shows how the attackers minimize the detection risk by (re)using existing operating system tools to complete their nefarious tasks. Such tasks could include discovery of credentials via Active Directory for lateral movement, or tools that facilitate privilege escalation. Such techniques are often applied by ransomware.

The tenth chapter 'Windows Ransomware' explains the basics of ransomware in its historical context, as well as the ransomware-as-a-service groups that one would nowadays find on the Dark Web. Ransomware is an ongoing problem for organizations as it can severely disrupt their operations.
This chapter focuses on the Windows operating system variants and shows how defenders can develop countermeasures or mitigations to ransomware attacks.

The eleventh chapter 'Linux and ESXi Ransomware' is about the Linux and virtualization environment variants of the ransomware. Since many systems operate in the cloud, an attack on the hypervisor (such as VMware's ESXi) would have a big impact on an organization using such infrastructure.

The last chapter 'Lessons from the Underground Economy' wraps up the book. Here the author muses about the implications of takedown operations, the habits of threat actors, and where the field may be headed due to automation on both sides of the fence.

Lindsay Kaye has created a great technical book for those unfamiliar with the 'trenches' of cybersecurity and the Dark Web. It allows the reader to get a hands-on, real-world perspective of what attackers are doing, either by studying the cases described in the book, or taking a first step into the Dark Web to see for themselves. It is aimed at professionals, analysts, and researchers alike who are curious about the 'hacker underground.' I enjoyed reading this book as it brought back memories from my own times of exploration many, many moons ago.

____________________________________________________________________
Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org.
____________________________________________________________________

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard".

OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended.
Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.

____________________________________________________________________
Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________
How to become a member of the IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy (or other TCs) by completing the on-line form at IEEE at https://www.computer.org/web/tandc/technical-committees

______________________________________________________________________
TC Conference Publications Online
______________________________________________________________________

The proceedings of previous conferences are available from the Computer Society's Digital Library.

  IEEE Security and Privacy Symposium
  IEEE Computer Security Foundations
  IEEE European Security and Privacy Symposium

From 2012 onward, these are available without charge from the digital library 12 months after the conference.
____________________________________________________________________________
TC Officers
____________________________________________________________________________

Chair:
  Thorsten Holz
  Faculty Member
  CISPA Helmholtz Center for Information Security
  tcchair at ieee-security.org

Security and Privacy Symposium Chair Emeritus:
  Trent Jaeger
  Associate Professor
  Pennsylvania State University
  https://www.cse.psu.edu/~trj1
  sp24-chair@ieee-security.org

Vice Chair:
  Alvaro Cardenas
  Professor
  University of California, Santa Cruz
  tcchair at ieee-security.org

Treasurer:
  Yong Guan
  Professor
  Department of Electrical and Computer Engineering
  Iowa State University, Ames, IA 50011
  treasurer@ieee-security.org

Newsletter Editor:
  Hilarie Orman
  Purple Streak, Inc.
  500 S. Maple Dr.
  Woodland Hills, UT 84653
  cipher-editor@ieee-security.org

Security and Privacy Symposium, 2025 Chair:
  Marina Blanton
  Associate Professor
  University at Buffalo
  sp25-chair at ieee-security.org

TC Awards Chair:
  Tegan Brennan
  Assistant Professor
  Stevens Institute of Technology
  tbrenna5 at stevens.edu

____________________________________________________________________________
BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html